Diffstat (limited to '')
-rw-r--r--auth_model.ini14
-rw-r--r--main.go2
-rw-r--r--policy.csv9
3 files changed, 25 insertions, 0 deletions
diff --git a/auth_model.ini b/auth_model.ini
new file mode 100644
index 0000000..9ca4b92
--- /dev/null
+++ b/auth_model.ini
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
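Review bot: The matcher compares objects with `r.obj == p.obj`, so the `*` in `p,role:maintainers,*,write` (policy.csv) only matches a request whose object is the literal string `*` and will never grant anything for a real path. This fails closed, but it is probably not what the rule intends. If a wildcard is meant, Casbin's built-in `keyMatch` can be used: `m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && r.act == p.act`. A one-line `#` comment above `[matchers]` stating whether objects are exact paths or patterns would make the policy file easier to review.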
diff --git a/main.go b/main.go
index 0b08023..3f5cedf 100644
--- a/main.go
+++ b/main.go
@@ -27,6 +27,7 @@ var (
// LoadTokens load tokens from a csv into a map
func LoadTokens() (map[string]string, error) {
tokenMap := make(map[string]string)
+ // TODO this should be configurable
contents, err := os.Open("tokens.csv")
if err != nil {
fmt.Println("File reading error", err)
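Review bot: The added `// TODO this should be configurable` does not say what should be configurable or why it matters. `tokens.csv` is opened relative to the process working directory, so which token store gets read depends on where the binary is started. A comment such as `// TODO: take the token file path from a flag or config; "tokens.csv" is resolved against the working directory` would record that. The same bare TODO is added above the `casbin.NewEnforcer` call in `main`, where it applies to the model and policy paths. LoadTokens continues outside this hunk.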
@@ -139,6 +140,7 @@ func Authorization(enf *casbin.Enforcer, next http.Handler) http.Handler {
}
func main() {
+ // TODO this should be configurable
enf, _ := casbin.NewEnforcer("./auth_model.ini", "./policy.csv")
flag.Parse()
if *newToken {
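Review bot: The error from `casbin.NewEnforcer("./auth_model.ini", "./policy.csv")` is discarded with `_`, and this commit is what makes that call depend on two newly added files. If either file is missing or malformed, the server carries on with an enforcer that was not built from the intended policy (likely nil), so the behaviour of the authorization middleware is not defined from what is visible here. Startup should stop instead: `enf, err := casbin.NewEnforcer("./auth_model.ini", "./policy.csv")` followed by `if err != nil { log.Fatalf("loading casbin model/policy: %v", err) }`, assuming `log` is or can be imported (the import block is outside the hunk). main's body continues outside this hunk.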
diff --git a/policy.csv b/policy.csv
new file mode 100644
index 0000000..0722f5e
--- /dev/null
+++ b/policy.csv
@@ -0,0 +1,9 @@
+p,role:admin,config,admin
+p,role:maintainers,/cch/info/refs,GET
+p,role:maintainers,/cch/git-upload-pack,POST
+p,role:maintainers,*,write
+
+g,role:admin,role:maintainers
+
+g,admin,role:admin
+g,uid:grumps,role:maintainers
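Review bot: The grouping `g,admin,role:admin` uses a bare subject while the other user is written `uid:grumps`, so users and roles are not consistently separated by prefix in this file. Because the matcher's `g(r.sub, p.sub)` also holds when the two strings are equal, a request subject equal to `role:maintainers` or `role:admin` would match the `p` rules directly. The code that builds `r.sub` is not visible here, so it should be confirmed that it always adds the `uid:` prefix or rejects names beginning with `role:`. If the prefix is the convention, this line would read `g,uid:admin,role:admin`.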